Be Paranoid ‘Cuz…They Really Are Out There

“I just stole fifty cars in one night! I'm a little tired, little “wired,” and I think I deserve a little appreciation!”– Memphis, Gone in Sixty Seconds (Touchstone Pictures, 2000)

If you pay a lot of attention to your online security, you’re probably not reading this.

If you pay no attention, you’re probably ****ed!

If you have a normal concern…how bad can it be?

Take a minute and go to your favorite sites and search on the subject of online/onphone security.

You’ll probably find that:- there’s an increase in the presence of malicious content on trusted sites – including search engines, blogs, bulletin boards, personal web sites, online magazines and mainstream news sites- there are more than 170,000 new malware apps spotted every month- more than 800,000 phishing emails were reported in one month at mid-year- $4.5 bln lost to phishing in 2007- $740 mln lost in 2 years to e-mail scams- 1.45% of e-mails sent in May 2006 contained viruses- 129 mln Americans received phishing e-mails- 4.57% of Gmail filtered spam is false positive- 22.5 million different samples of malware were recorded in June, double the year before- New webpage infections were discovered by Sophos every 3.6 sec (4x faster than last year)

Whew!

You’ll also discover that Americans can pride themselves on being a leader.

That’s right.

The U.S. stole the #1 country hosting malware honors from China.

As Raymond Calitri said, “They threw us out of England, they threw us out of France, so here we are. Flourishing, really, except for the minor inconvenience of despising everything about your country.”

Figure 2 -- Random to Gangs – As more and more people (and their money) went online, attacks went from cyberpunks to cyber gangs. The online thief’s have become very efficient and effective in their work and in their ability to skirt current security protection. Their goal? Stay one step ahead of you. Source -- NYTimes

They’re out there … and they’re hungry.

Rich Feeding GroundsThe 40-year-old Internet and the burgeoning Web 2.0 have become a rich information gathering ground for … everyone!

Oh, and that search of yours?

You’ll be happy to know that:- what you do online is not private and can be shared without your permission- companies don’t have to identify themselves and indicate they are collecting data- your collected information can be shared without your okay (you think Google makes its gazillions by giving stuff away?)- no one needs a court order to monitor your online activates

They sorta’ look at each other and repeat Mirror Man’s question, “Hey, Sphinx, I don't look suspicious, do I, man?”

No wonder people are more concerned abut their online security.

Figure 3 -- More Caution, More Concern – The growing coverage of cybersecurity threats and break-in/thefts have raised people’s awareness of potential problems. Despite this, people continue to forgo installing and using readily available and economical security products. In addition, the products/services aren’t properly maintained and even OS and application patches that would prevent breaches are often not installed. Sourced – Mintel International Group

Of course, widely publicized security breaches like Twitter’s co-founders files being hacked, the theft of ATM numbers from 7-Eleven stores, credit card numbers from TJX and Heartland Bank’s loss of over 500,000 credit card numbers have all helped increase the awareness.

Out and out computer theft today is still a significant concern, but it is so yesterday. Figure 4 -- Value Grab – While the theft of portable computers and smartphones have decreased, the value of the content on the device to individuals and organizations remains very high. Hardware replacement is minor compared to the value of corporate and personal data and at times, valuable IP. Source -- zTrace

You can get hurt doing it, or worse.

As The Sphinx told the crew, “If his unpleasant wounding has in some way enlightened the rest of you as to the grim finish beneath the glossy veneer of criminal life and inspired you to change your ways, then his injuries carry with it an inherent nobility, and a supreme glory.”

Numbers Down, Value UpPhishing and click fraud are still major concerns even though the rate has declined.

Figure 5 -- Downward Trend – Click fraud appears to have reached a plateau and decreased in total numbers, but the dollar value of the losses has increased. Awareness and caution have reduced the numbers but there are more sophisticated ways for cybercriminals to separate a fool and his/her money. Source – Click Forensics

While the number of reported incidents has dropped off, the size of the take has increased.

At the same time, identity fraud is declining. Figure 6 -- Better ROI – Identity fraud has also decreased, while the value of the incidents has increased. Organized crime has also found that the value to them of ATM and credit card numbers has fallen because of better security monitoring by financial institutions. But PIN number acquisition can provide excellent returns. Source – Javelin Security & Research

People continue to share too much personal information on locations such as Twitter, Facebook, linkedIn, MySpace and similar locations around the globe.

The increasingly sophisticated criminals have access to huge bundles of money to buy the same security and support tools as well as leading-edge talent (who may have been recently laid off) to invest where it’s necessary.

They’ve gotten so sophisticated that your ATM card number is almost worthless – one report said you can buy them on the black market for a nickel apiece.

They’ve gone down in value because security officials have gotten better. They can sometimes detect stolen ATM numbers before a purchase is made.

Your PIN number? That’s worth $5.

They can clean out your bank accounts and it’s difficult to discover…until it’s too late!

As Memphis exclaimed, “Champagne would fall from the heavens. Doors would open. Velvet ropes would part.”

According to Ken Silva, chief security officer at Verisign, “The more money that goes on the Internet, the more interest there is in people trying to separate you from that money.”

Figure 7 -- Follow the Money – As people become increasingly comfortable with online banking, cybercriminals turn their attention to accessing individual PIN numbers so they can empty entire bank accounts. Financial institutions are investing in IT technology to secure their systems from inside and outside intrusion. Source -- Celent

Cybercriminals are tougher to locate, and even more difficult to dig out. But security firms, law enforcement agencies and financial institutions do their best to protect vital banking information.

But with the banking meltdown, phishing emails have increased – again.

We’ve all seen those emails about a rumored bank merger or collapse, impersonated bank statements and requests for you to verify your account details.

At some level, they have to work because no one wants to phish a dry hole.

Oh and don’t even get us started on the subject of banking with your smartphone…over the phone line is so secure!!

Apple Boostin’Through all of this Mac folks are saying with a smirk, “Oh those poor PC idiots!”

Wrong!

Attackers go with the numbers. They want to carry out their crime on a large scale by infiltrating millions of computers.

As the Mac market share grows, the Mac will be a sweeter target, and the attacks will succeed!!

Experts have found more security holes in the Foxfire Web browser than in Microsoft’s IE. Apple took the longest to fix Safari vulnerabilities and the longest to patch their OS holes.

Drycroff will gaze at Infinity Circle and say, “This is one of three brand-new Mercedes, a car they say is ‘unstealable’."

Memphis will look back at him and say, “I am a baaaad man.’

The Internet and Web 2.0 is a lot like the plumbing in an old house…leaks happen. New pipes (applications) are added to old pipes (infrastructure).

The new sites, new applications are focusing on building their customer base, rather than protecting current customers.

In addition, the steady stream of security enhancements doesn’t ensure that the network, the entire system is secure.

Web security isn’t just a browser or client-side issue anymore. These bottom feeders know how to make the most of an insecure Web app to get at people like you.